When using Jython in a container with security enabled, the
"__classpath__" classpath causes a SecurityException unless there is a
FilePermission grant to "__classpath__/-". Since the injection of
"__classpath__" to the classpath is sort of a hack to get the
JavaImporter to be used, it would seem there should be code to ignore
the use of the path when loading classes. In particular, the two places
I noticed an issue are:
1) org.python.core.imp.loadFromSource(String, String, PyObject)
A check for dir.isDirectory() will cause the SecurityException. As a
potential workaround, first check for
directoryName.equals("__classpath__") and if true, return null.
2) org.python.core.SyspathJavaLoader.loadClass(String, boolean)
A call to file.length() will cause the SecurityException. As a
potential workaround, first check for !dir.equals("__classpath__")
before proceeding to create the File and read from it.